Getting a kerberos ticket
Donn Cave
donn at drizzle.com
Wed Jan 29 00:28:46 EST 2003
Quoth Mike McGavin <jester at NOSPAM.mcsnospam.vuw.netNOSPAM.nz>:
|> Then you need a keytab file with the principal's password, with access
|> restricted to your application ID (and root of course - there's no way
|> you can do this without giving the web host's admins access to your
|> database.) That can be used periodically to update credentials, via
|> kinit in a cron job, or every time the request runs.
|
| Thanks. Would I still need this if the process is running under my uid,
| or is it only if it's running as nobody?
Running as you. It's your password, kinit will use the keytab instead
of prompting.
|> A Python module for Kerberos5 is feasible, but seems like it might be
|> the least of your worries (maybe not even worth the installation and
|> maintenance of this C module.)
|
| I actually managed to find Elliot Lee's krb5 module at
| http://py.vaults.ca/parnassus/apyllo.py?i=187576001, but I'm having a
| difficult time getting it to compile under NetBSD. I'm not yet sure if
| it'll do what I want, but I'm hoping.
That's interesting, I'll have to see what he's got. NetBSD comes with
Heimdal, as opposed to MIT, Kerberos5. MIT and Heimdal aren't 100%
compatible at the API level in my experience, that could be the problem.
But you really do not need a Python krb5 module for this.
Donn Cave, donn at drizzle.com
More information about the Python-list
mailing list